CISA 2026-06-04

Hitachi Energy RTU500

Machine-generated analysis · WAYSCloud LLM

The advisory lists multiple overlapping version ranges for the RTU500 series CMU firmware, with repeated CVEs across entries, which may indicate consolidated reporting of previously disclosed issues.

Context

The Hitachi Energy RTU500 is a remote terminal unit used in critical infrastructure sectors including energy, water and wastewater, and dams, according to the advisory. The reported vulnerabilities include NULL pointer dereference, integer overflow, and infinite loop conditions, with the primary impact being denial of service affecting availability. The advisory explicitly states that exploitation could lead to crashes and disruptions in product operation. Notably, the same set of CVEs is repeated multiple times across the listed affected versions, which may reflect a formatting artifact or consolidated disclosure approach.

Operator considerations

Check: Determine if RTU500 series CMU Firmware versions between 12.7.1 and 12.7.7, 13.5.1 and 13.5.4, 13.6.1 and 13.6.3, or 13.7.1 and 13.7.8, or version 13.8.1 are in use. Patch: Upgrade to a non-affected firmware version if specified by Hitachi Energy's recommended actions. Log: Monitor for unexpected crashes or restarts of RTU500 devices, particularly following file operations involving PKCS#12 inputs.

From Cybersecurity and Infrastructure Security Agency ↗

Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.

The following versions of Hitachi Energy RTU500 are affected:

RTU500 series CMU Firmware vers:RTU500_series_CMU_Firmware/>=12.7.1|=13.5.1|=13.6.1|=13.7.1|=13.7.1|

Read the full advisory on CISA →